Vulnerability Note VU#839284
Microsoft Windows TCP/IP fails to properly validate IGMP packets
Microsoft Windows implementations of the TCP/IP protocol fail to properly validate IGMP packets, leading to a denial-of-service condition.
TCP and IGMP
The Transmission Control Protocol (TCP) is defined in RFC 793 as a means to provide reliable host-to-host transmission between hosts in a packet-switched computer network. The Internet Group Management Protocol version 3 (IGMPv3) is defined in RFC 3376 as a protocol to help manage multicast connections over the internet.
By sending a specially crafted IGMPv3 packet to a vulnerable system, an unauthenticated, remote attacker could cause that system to stop responding.
Apply an Update
Microsoft has addressed this issue in Microsoft Security Bulletin MS06-007.
Please see Microsoft Security Bulletin MS06-007 for a list of workarounds to mitigate this vulnerability.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||14 Feb 2006|
CVSS Metrics (Learn More)
This vulnerability was reported in Microsoft Security Bulletin MS06-007 . Microsoft credits Douglas Nascimento of Datacom with providing information regarding this issue.
This document was written by Jeff Gennari.
- CVE IDs: CVE-2006-0021
- Date Public: 14 Feb 2006
- Date First Published: 14 Feb 2006
- Date Last Updated: 19 Feb 2006
- Severity Metric: 21.00
- Document Revision: 19
If you have feedback, comments, or additional information about this vulnerability, please send us email.